BSOD: PAGE_FAULT_IN_NONPAGED_AREA (wdfilter.sys)

[DcoltTech]

Hi,

I keep getting the BSOD: PAGE_FAULT_IN_NONPAGED_AREA (wdfilter.sys) on windows 10. I have included the relevant files. It seems to happen randomly.&nbsp

https://www.mediafire.com/folder/eyrv7dcy3l8wfcp,tmimf7b3p0z7fgu/shared

 

[jimmysmitty]

From what I can find, the issue seems to be related to Windows Defender, the built in AV from Microsoft. Have you tried opening a CMD Prompt and running a SFC /scannow ? See if that fixes it.

The only other thing it could be is bad memory.

 

[johnbl]

looking at the driver list of your mini dump it looks like you have a few third party filter drivers installed. I think one is making modifications to other drivers packets. I would start cmd.exe as an admin
run
verifier.exe /standard /all
then change the memory dump type to kernel (see link below)
reboot and wait for the next bugcheck. The verifier flags should catch the driver that is making the bad changes. The kernel dump will cause the internal error logs to be saved. Windows will bugcheck when it detects the bad driver.

Note: use
verifier.exe /reset
to turn off verification when done testing. (you might have to boot into safe mode)

--------------
windows defender was running and crashed in its filter driver. WDFilter.sys

I would suspect that you have a filter driver installed that is interfering with the windows defender driver and causing it to crash.

you can start cmd.exe as an admin then run
fltmc.exe to see what filter drivers you have installed on your system.
here is the list my windows 10 shows:


C:\WINDOWS\system32>fltmc.exe

Filter Name Num Instances Altitude Frame
------------------------------ ------------- ------------ -----
WdFilter 6 328010 0
storqosflt 0 244000 0
FileCrypt 0 141100 0
luafv 1 135000 0
npsvctrig 1 46000 0
FileInfo 6 45000 0
Wof 5 40700 0


you can also change your memory dump type to kernel and it will save debug info on the filter drivers so the problem can be debugged the next time your system crashes.
how to change memory dump type:https://www.sophos.com/en-us/support/knowledgebase/111474.aspx

 

[itmoba]

It might be easier to use PowerShell and issue Cmdlets, like, "Set-MpPreference" and "Get-MpComputerStatus" (not in that order).

 

[johnbl]

You have too many suspect driver to tell which one is causing which problem.
SMART Board Technologies Mouse Upper Filter Driver
Logitech filter drivers

my money is betting on this driver:
Hide Folders 2009 file encryption driver
\SystemRoot\System32\Drivers\FSPFltd.sys Thu Jun 05 10:37:17 2008

You might just want to remove all the filter drivers and add the ones you really want to have installed.
Or turn verifier and work through the bugchecks /memory dumps.

other suspect drivers:
Netgear Neutral Wireless Solution
(and others)
\SystemRoot\system32\DRIVERS\scmndisp.sys Tue Jan 16 23:48:03 2007

 

[itmoba]

You have too many suspect driver to tell which one is causing which problem.
SMART Board Technologies Mouse Upper Filter Driver
Logitech filter drivers

my money is betting on this driver:
Hide Folders 2009 file encryption driver
\SystemRoot\System32\Drivers\FSPFltd.sys Thu Jun 05 10:37:17 2008

You might just want to remove all the filter drivers and add the ones you really want to have installed.
Or turn verifier and work through the bugchecks /memory dumps.

I'd like to add to this that it'd be very helpful for the OP to paste the unabridged logs in their report. This will give us a bit more insight into the problem.

 

[johnbl]

Note: this machine has 33 suspect drivers installed.

People never get the correct logs and It takes a lot of effort. With the kernel memory dump you can read the internal logs and just see why windows called the bugcheck. From the minidump you can mostly see the problem but in this case you need the kernel memory dump and verifier to make prove which driver caused the problem. (rather than just blaming the victim driver (windows defender filter driver)

You have too many suspect driver to tell which one is causing which problem.
SMART Board Technologies Mouse Upper Filter Driver
Logitech filter drivers

my money is betting on this driver:
Hide Folders 2009 file encryption driver
\SystemRoot\System32\Drivers\FSPFltd.sys Thu Jun 05 10:37:17 2008

You might just want to remove all the filter drivers and add the ones you really want to have installed.
Or turn verifier and work through the bugchecks /memory dumps.

I'd like to add to this that it'd be very helpful for the OP to paste the unabridged logs in their report. This will give us a bit more insight into the problem.

 

[itmoba]

I find logs that in their entirety aren't always very troublesome, especially when it's possible to parse them, be it with grep, Perl, Awk, or native PowerShell Cmdlets. Regular expressions, interesting enough, share the duality of being your best friend and/or a nightmare.

 

[johnbl]

yep, but when you bugcheck the logs are not always flushed to the disk and you may not even see the last entries. Or 20 or so entries depending on how fast they are coming in. I also find It is hard to get people to do the commands.

I find logs that in their entirety aren't always very troublesome, especially when it's possible to parse them, be it with grep, Perl, Awk, or native PowerShell Cmdlets. Regular expressions, interesting enough, share the duality of being your best friend and/or a nightmare.

 

[itmoba]

Sadly, the terminal is slowly parting ways as users become more and more dependent on the GUI. Oh well, I guess Fisher Price wins.